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Do  you  trust  the  cloud? 


Secure  communications...  ~ 


Secure  storage... 


Secure  computation? 
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PROgramming  Computation  on  EncyrptEd  Data 
(PROCEED) 


Goal:  practical  computation  on 
encrypted  data  without  decrypting 


Potential  Applications 

•  Email  content-filtering  guard  between 
networks  with  different  classification 
levels 

•  Privacy-preserving  cloud-based  voice 
over  I P  service 

•  Secure  cloud-based  mapping  service 
that  cannot  determine  your  location, 
route,  or  destination 


Source:  Flylogic 
Engineering  LLC; 
Corbis 


Encrypted  NAND  Gate 
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DARPA's  Newest  Cyber  Program 


Crowd  Sourced  Formal  Verification 

(CSFV) 
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The  Problem 
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Regardless  of  the 
application  size,  the 
system  loads  the 
same  number  of 
support  functions 
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For  every  1,000  lines 
of  code,  1  to  5  bugs 
are  introduced. 


Are  there  fundamental  scientific  reasons  that  prevent  us  from  doing  better? 
No:  “There  are  no  intrinsic  iaws  of  nature  in  cyber-security 
as  there  are  in. ..physics,  chemistry  or  bioiogy." 

[JASON  Report  on  Science  of  Cyber-Security,  2010] 
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Formal  Verification 


•  Formal  verification  can  obtain  0.1  -  0.5  bugs  per  KLOC,  however: 

•  Extremely  expensive:  software  development  costs  increase  by  2x  to  lOOx 

•  seL4  microkernel  formal  verification  took  11  person-years 

•  Fundamental  formal  verification  problems  resist  automation 

•  Computationally  undecidable:  Heuristics  have  improved,  but  remain  incomplete 
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The  Concept:  Crowd  Sourced  Formal  Verification 


“Game-ify"  Geeky  Formal  Verification 
Applies  game  solutions  to  the  originai  formai  verification  probiem 
Expioits  a  large  user  base  requiring  no  formai  verification  expertise 
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Scalability  to  DoD  Software  Systems 
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ESLOC  =  Executable  Source  Lines  Of  Code 


Source:  2009 
Defense  Science 
Board  report 
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Contact  I  nformation 


Watch  for  Special  Notice  SN  12-17  to  be  released  on  FedBizOpps  (fbo.gov) 

Drew  Dean 

Drew.Dean@darpa.mil 
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